一种识别病毒和蠕虫的算法

对现有的恶意软件检测算法进行研究之后发现,某些检测算法只能检测一种恶意软件,并且部分传统的检测算法在检测恶意程序时漏检率偏高。针对目前现有的检测算法缺乏综合性检测能力的短板,在此文中提出了一种新的检测算法,该检测算法具有一定的综合检测能力。新算法的思路如下：第一步区分某种软件是恶意软件还是非恶意软件,如果是恶意软件则提取其特征码,然后使用决策树根据恶意软件的特征码对恶意软件进行识别和分类,如果存在特征码不能识别的恶意软件,那么再根据病毒和蠕虫的特征使用相似性计算算法对未知的恶意软件进行相似性计算,最后使用决策系统对相似性算法计算的结果进行决策,该恶意软件是病毒还是蠕虫。将相似性计算算法,决策树和决策系统在检测恶意软件算法中进行应用是本文的创新之处。

Algorithm for identifying viruses and worms

After existing malware detection algorithm study found that certain detection algorithm can detect a malware detection algorithm and some traditional high missing rate in detecting malicious programs. Aiming at the existing detection algorithm to detect a lack of comprehensive capacity short board, we propose a new detection algorithm in this article, the detection algorithm has some integrated detection capabilities. The new algorithm ideas are as follows: The first step is to distinguish between a software or non-malicious software malware, malicious software if its signature is extracted, and then use the decision tree based on malware signatures of malware identification and classification, if signature does not recognize the existence of malware, then according to the characteristics of viruses and worms use similarity calculation algorithm for unknown malware similarity calculation, the final decision system using the algorithm to calculate the similarity of the results of decision-making, the malicious software is a virus or a worm. The similarity calculation algorithm, decision tree and decision-making system in the application of algorithms to detect malicious software is the innovation of this paper.